CVE-2019-4565
HIGHIBM Security Key Lifecycle Manager <3.0.1 - Info Disclosure
Title source: llmDescription
IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/security-bulletin-ibm-security-key-lifecycle-manager-uses-weak-password-policy-cve-2019-4565
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/166626
Scores
CVSS v3
7.5
EPSS
0.0148
EPSS Percentile
70.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-521
Status
published
Products (1)
ibm/security_key_lifecycle_manager
3.0 - 3.0.0.2
Published
Sep 20, 2019
Tracked Since
Feb 18, 2026